With Red Hat Satellite Capsule Server, you can manage Red Hat Enterprise Linux (RHEL) hosts across multiple platforms and geographic locations. A Satellite Capsule Server maximizes availability by enabling content and software to be accessed by systems, even when the Satellite Server is unavailable. In addition, the Satellite Capsule Server helps manage load and congestion when there are a large number of systems.
This article provides a concise guide to Satellite Capsule Server deployment. First, I discuss planning considerations for deploying a Satellite Capsule Server. Next, I review software installation and configuration. Finally, I present the option of configuring alternate content sources (ACS).
The value of Satellite Capsule Servers
Satellite Capsule Servers help scale Red Hat Enterprise Linux environments with the following capabilities:
- Improve the availability of content sources: Satellite Capsule Servers can cache metadata and content from the Satellite Server, so hosts can still access content if the Satellite Server becomes unavailable
- Scale performance: Satellite Capsule Servers help distribute load, maintaining the performance of managing RHEL systems as they scale in volume. Satellite Capsule Servers can also make use of alternate content sources to save on bandwidth costs while maximizing throughput so systems are updated as quickly as possible
With a Satellite Capsule Server, you can extend the reach and scalability of your Satellite deployment. You can mirror content from Satellite Server to establish content sources in various geographical or logical locations. By registering a host to a Satellite Capsule Server, you can configure that host to receive content and configuration from the Satellite Capsule Server in its location rather than from the central Satellite Server. You can run localized services to discover, provision, control and configure hosts.
Planning Satellite Capsule Server deployment
Satellite Capsule Servers can help solve problems related to both availability and scale.
Availability
Satellite Capsule Servers can be used to simplify the patching of Satellite infrastructure. The upgrade or update procedure doesn't require both Satellite and Satellite Capsule Server to be upgraded at the same time. Your Red Hat support includes the ability to run a Satellite Capsule Server that's one major version behind the current version.
Satellite Capsule Servers are asynchronously connected to the Satellite Server, so periodic disconnections between Satellite and Satellite Capsule Servers don't disrupt the availability of content or software provided to your RHEL systems. Computing environments spanning multiple geographic regions or data centers can be serviced by capsule servers to mitigate the risk of network disruption.
Scale
For environments with several thousand systems managed, Satellite Capsule Servers can be used to improve the performance of bulk operations (such as remote execution and patching). Rather than dispatching all tasks from a single Satellite Server, the tasks can be distributed across multiple Capsule Servers.
Installing and configuring a Satellite Capsule Server
Before you install a Satellite Capsule Server, you must meet some requirements for storage and performance. You must use high-bandwidth, low-latency storage for the /var/lib/pulp/ directory. Red Hat Satellite has many operations that are I/O intensive, so ensure that your installation has a speed in the range of 60 to 80 Mbps. For full details on scaling performance as compute resources increase, read the Satellite Capsule Server Compute Performance guidelines.
The server you're going to install Satellite Capsule Server onto must be registered to your Satellite Server. If you don't register the server you're going to use as a capsule, then you won't have access to the Satellite Capsule Server software repositories.
Enable the software repositories
You must enable the required repositories on the server you're going to use as a capsule. In this article, commands run on the Satellite Capsule Server are presented with a capsule prompt. Commands run on the Satellite Server use the satellite prompt.
capsule$ sudo subscription-manager repos --disable "*"
capsule$ sudo subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms \
--enable=rhel-8-for-x86_64-appstream-rpms \
--enable=satellite-capsule-6.15-for-rhel-8-x86_64-rpms \
--enable=satellite-maintenance-6.15-for-rhel-8-x86_64-rpms
Open the necessary ports on the Satellite Capsule Server
You must open some ports on the Satellite Capsule Server:
capsule$ sudo firewall-cmd --permanent \
--add-port="5647/tcp" \
--add-port="8000/tcp" \
--add-port="9090/tcp"
capsule$ sudo firewall-cmd --permanent \
--add-service=dns \
--add-service=dhcp \
--add-service=tftp \
--add-service=http \
--add-service=https \
--add-service=puppetmaster
capsule$ sudo firewall-cmd --reload
Open the necessary port on the Satellite Server
Similarly, you must open ports on the Satellite Server:
satellite$ sudo firewall-cmd --permanent --add-port="5646/tcp"
satellite$ sudo firewall-cmd --reload
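To confirm that the rules above took effect and that nothing unplanned is open, the following added example (not part of the original article) audits the text of firewall-cmd --list-all against the ports and services listed in this article. The function names audit_zone and zone_field and the sample zone output are constructed for illustration.

```sh
# Added example: audit `firewall-cmd --list-all` text against this article's rules.
CAPSULE_PORTS="5647/tcp 8000/tcp 9090/tcp"
CAPSULE_SERVICES="dns dhcp tftp http https puppetmaster"
SATELLITE_PORTS="5646/tcp"

# Constructed sample of a capsule zone (not output from a real host).
SAMPLE_ZONE='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcp dhcpv6-client dns http https ssh tftp
  ports: 5647/tcp 9090/tcp 8443/tcp
  protocols:
  forward-ports:
  source-ports:'

# zone_field FIELD: print the values of the "FIELD:" line read from stdin.
zone_field() {
    awk -v key="$1:" '$1 == key { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# audit_zone "PORTS" "SERVICES" < list-all text
# Prints "missing ..." for required rules that are absent and "extra port ..."
# for open ports the article does not call for. Returns 1 if anything is missing.
audit_zone() {
    local zone ports services item rc=0
    zone=$(cat)
    ports=$(printf '%s\n' "$zone" | zone_field ports)
    services=$(printf '%s\n' "$zone" | zone_field services)
    for item in $1; do
        case " $ports " in *" $item "*) ;; *) echo "missing port $item"; rc=1 ;; esac
    done
    for item in $2; do
        case " $services " in *" $item "*) ;; *) echo "missing service $item"; rc=1 ;; esac
    done
    for item in $ports; do
        case " $1 " in *" $item "*) ;; *) echo "extra port $item" ;; esac
    done
    return $rc
}

# Demo on the sample; on a real capsule pipe in `sudo firewall-cmd --list-all`.
printf '%s\n' "$SAMPLE_ZONE" | audit_zone "$CAPSULE_PORTS" "$CAPSULE_SERVICES" || true
```

On the Satellite Server, run the same function with "$SATELLITE_PORTS" and an empty service list.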
Enable the module
Next, enable the satellite-capsule module:
capsule$ sudo dnf module enable satellite-capsule:el8
Install the Satellite Capsule Server software
With all the preparation work done, it's time to install the Satellite Capsule Server software onto your server. It's just a single command:
capsule$ sudo dnf install satellite-capsule
Install SSL certificate
Once the Satellite Capsule Server software is installed, you need to generate SSL certificates on your Satellite Server, and copy them to your Satellite Capsule Server. Red Hat Satellite uses SSL certificates to enable encrypted communications between Satellite Server, external Satellite Capsule Servers and all hosts. Depending on the requirements of your organization, you must configure your Satellite Capsule Server with either a default or custom certificate. In this example, I use the default self-signed certificate.
On the Satellite Server, make a directory to store your certificate:
satellite$ sudo mkdir /root/capsule_cert
On the Satellite Server, generate the certificate tarball:
satellite$ sudo capsule-certs-generate \
--foreman-proxy-fqdn capsule.lab \
--certs-tar /root/capsule_cert/capsule.lab-certs.tar
The --foreman-proxy-fqdn option requires the fully qualified domain name (FQDN) of the Satellite Capsule Server. Here's the output of the capsule-certs-generate command:
satellite$ sudo mkdir /root/capsule_cert
satellite$ sudo capsule-certs-generate \
> --foreman-proxy-fqdn capsule.lab \
> --certs-tar /root/capsule_cert/capsule.lab-certs.tar
Preparing installation Done
Success!
To finish the installation, follow these steps:
If you do not have the Capsule registered to the Satellite instance, then please do the following:
1. yum -y localinstall http://satellite.lab/pub/katello-ca-consumer-latest.noarch.rpm
2. subscription-manager register --org "Acme_Org"
Then follow these steps to start Capsule installation:
1. Ensure that the satellite-capsule package is installed on the system.
2. Copy /root/capsule_cert/capsule.lab-certs.tar to the system capsule.lab
at /root/capsule.lab-certs.tar:
scp /root/capsule_cert/capsule.lab-certs.tar \
root@capsule.lab:/root/capsule.lab-certs.tar
3. Run the following commands on the Capsule (possibly with customized
parameters; see satellite-installer --scenario capsule --help and
documentation for more info on setting up additional services):
satellite-installer --scenario capsule\
--certs-tar-file "/root/capsule.lab-certs.tar"\
--foreman-proxy-register-in-foreman "true"\
--foreman-proxy-foreman-base-url "https://satellite.lab"\
--foreman-proxy-trusted-hosts "satellite.lab"\
--foreman-proxy-trusted-hosts "capsule.lab"\
--foreman-proxy-oauth-consumer-key "GgfRRZPDNESFSNe5GUb7uPBe3AFovLod"\
--foreman-proxy-oauth-consumer-secret "qn9t6wgLXnS2FULQG2iBprzaBFiZ4WJh"
As you can see from the example code above, the output gives you instructions for what you need to do next.
First, copy the /root/capsule_cert/capsule.lab-certs.tar (or whatever FQDN you used) file to the Satellite Capsule Server.
Then copy the generated satellite-installer command (similar to the command at the end of the example output above) and run it on the Satellite Capsule Server. This command is specific to the certificates you previously generated, so it's imperative that you copy the exact output of your capsule-certs-generate command!
Success!
* Capsule is running at https://capsule.lab:9090
The full log is at /var/log/foreman-installer/capsule.log...
Configure the Satellite Capsule Server
The Satellite Capsule Server software is now installed. However, content doesn't get replicated to the Satellite Capsule Server until the Satellite Server is configured to do so. Content replication is managed through Content Views and Lifecycle Environments.
In this example, the Satellite Server only has a Lifecycle Environment (LCE) named Capsule Production. To synchronize all metadata (without requiring that all software be synchronized), you could tell the Satellite Server to synchronize Capsule Production to the capsule. In a real-life environment, it's not always practical or desirable to synchronize all software to Satellite Capsule Servers because it can take a long time and consume a vast amount of storage.
Content Views are used to specify a snapshot of repositories, and provide control over which RPM package versions are added to a lifecycle environment. In this example, I use a combination of a content view and an LCE to synchronize RHEL 9 BaseOS, AppStream, and Satellite Client software to the Satellite Capsule Server.
Refer to the official documentation to create an LCE, Content View, and to synchronize repositories to the Satellite Server.
Here are the components you'll need to synchronize content from the Satellite Server to the capsule:
- Lifecycle Environment: Capsule Production
- Content View: RHEL9
- Repositories:
- RHEL 9 BaseOS
- RHEL 9 AppStream
- Satellite Client 6 for RHEL 9 (contains remote execution pull provider, traces, and so on)
Here's the workflow for the content synchronization process:
- Create Content View RHEL9
- Add repositories to Content View RHEL9
- Publish Content View RHEL9 and promote it to Lifecycle Environment Capsule Production
- Content begins synchronizing to the capsule server from Satellite
Assuming the Content View has been configured, repositories have been added, and the Content View has been published and promoted to the Capsule Production LCE, you can proceed to the next step.
Configure Capsule synchronization
You must now ensure that the content metadata is automatically synchronized to the capsule. In the Satellite web UI, click on Infrastructure and then select Capsules.
Click on the Satellite Capsule Server (in this example, that's capsule.lab), and then click the Edit button in the top right corner.
In the Edit screen, select the Lifecycle Environments tab.
Configure the Satellite Server satellite.lab to synchronize the Capsule Production Lifecycle environment to capsule.lab:
- Click on Capsule Production
- Click the Submit button
Back on the Capsules screen, click capsule.lab again.
Click on Optimized Sync to synchronize repo metadata to the capsule.
Optimized sync only synchronizes repository metadata. When a system installs a package from the capsule, the package is downloaded and stored on the capsule before it's downloaded to the system.
Note that I've left Download Policy set to its default On Demand option. This means that while metadata is synchronized to the Satellite Capsule Server, the software is only synchronized when a host makes a request to the Satellite Capsule Server for software to be installed.
If Download Policy is configured in On Demand mode, then content cannot be fetched if the connection between the Satellite Server and capsule is disrupted.
Migrate hosts to Capsule server
Next, navigate to the Hosts menu and select All Hosts.
Do the following:
- Select a host. In this example I use rhel1
- Click Change Content Source
On the Change Content Source screen:
- Select the Satellite Capsule Server from the Content source drop-down menu (in this example, it's capsule.lab)
- In the Lifecycle environment section, choose Capsule Production
- Choose the RHEL9 Content View
- Click the Run job button at the bottom of the screen
On the Run job screen, click the Run on selected hosts button.
After the job has run, you can verify that rhel1 was successfully migrated to capsule.lab by viewing the /etc/yum.repos.d/redhat.repo file. The redhat.repo file shows that baseurl points to capsule.lab.
rhel1$ grep baseurl /etc/yum.repos.d/redhat.repo
baseurl = https://capsule.lab/pulp/content/Acme_Org/capsule_production/RHEL9/content/dist/rhel9/$releasever/x86_64/baseos/os
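The grep above shows the baseurl lines but leaves the comparison to the reader. The following added example (not part of the original article) goes a step further: it checks every repository section in redhat.repo, reports any that is not served by the expected capsule over HTTPS, and flags sections where sslverify is set to 0. The function name check_repo_source and the sample file contents are constructed for illustration.

```sh
# Added example: confirm every repo in redhat.repo is served by the capsule.

# Constructed sample (not from a real host): one migrated repo, one still
# pointing at the Satellite Server, one with TLS verification switched off.
SAMPLE_REPO='[rhel-9-for-x86_64-baseos-rpms]
baseurl = https://capsule.lab/pulp/content/Acme_Org/capsule_production/RHEL9/content/dist/rhel9/$releasever/x86_64/baseos/os
sslverify = 1

[rhel-9-for-x86_64-appstream-rpms]
baseurl = https://satellite.lab/pulp/content/Acme_Org/capsule_production/RHEL9/content/dist/rhel9/$releasever/x86_64/appstream/os
sslverify = 1

[satellite-client-6-for-rhel-9-x86_64-rpms]
baseurl = https://capsule.lab/pulp/content/Acme_Org/capsule_production/RHEL9/constructed/sat-client/os
sslverify = 0'

# check_repo_source EXPECTED_HOST < redhat.repo
# Prints one finding per problem and returns 1 if any repo is not fetched
# from EXPECTED_HOST over verified HTTPS.
check_repo_source() {
    awk -v want="$1" '
        function report(   host) {
            if (id == "" || url == "") return
            host = url
            if (sub("^https://", "", host) == 0) {
                print id ": baseurl is not https: " url; bad = 1; return
            }
            sub("[/:].*$", "", host)          # keep only the host part
            if (host != want) {
                print id ": content source is " host ", expected " want; bad = 1
            }
            if (verify == "0") { print id ": sslverify is disabled"; bad = 1 }
        }
        /^\[.*\]$/          { report(); id = substr($0, 2, length($0) - 2)
                              url = ""; verify = ""; next }
        /^baseurl[ \t]*=/   { sub(/^[^=]*=[ \t]*/, ""); url = $0 }
        /^sslverify[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); verify = $0 }
        END { report(); exit bad + 0 }
    '
}

# Demo on the sample; on a host: check_repo_source capsule.lab < /etc/yum.repos.d/redhat.repo
printf '%s\n' "$SAMPLE_REPO" | check_repo_source capsule.lab || true
```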
Optional: Remote Execution Pull mode
If you are using Remote Execution (REX) Pull mode on Satellite, you must perform this extra step to enable it on your capsule:
capsule$ sudo satellite-installer --foreman-proxy-plugin-remote-execution-script-mode pull-mqtt
Allow the mqtt messaging service on the Satellite Capsule Server:
capsule$ sudo firewall-cmd --permanent --add-service=mqtt
capsule$ sudo firewall-cmd --reload
Optional: Alternate Content Sources
Alternate Content Sources (ACS) allow a capsule to download Red Hat content directly from the Red Hat Content Delivery Network (CDN) rather than from the Satellite Server. Metadata is still synchronized with the Satellite Server. Content curation is still performed through the Satellite Server.
Configuring the Satellite Capsule Server to synchronize directly with the Red Hat CDN has several benefits. Often, network topologies that span multiple datacenters or geographies utilize network connections that are expensive to use, or are physically incapable of high throughput. In addition to saving money on bandwidth costs, ACS can reduce the time required to download content because it's downloading from a Red Hat CDN source that's geographically closest to the capsule.
Simplified ACS
In the Satellite web UI, navigate to the Alternate Content Sources menu.
Click the Add source button, and then complete these steps:
- Click on Simplified. This choice allows you to use the Red Hat CDN as an ACS
- Select Yum
- Click Next to continue
Name the ACS and click Next.
Select the capsule you want to use ACS and click Next.
Select the products you wish to sync from the ACS and click Next. In this example, we're selecting all of them.
Review the settings and click Add.
Reduce maintenance with Satellite
Red Hat Satellite is an infrastructure management solution designed to streamline management of Red Hat Enterprise Linux systems, at scale, wherever they reside, whether they're physical, virtual or cloud.
Red Hat Satellite automates common system tasks to increase efficiency. It is integrated with Red Hat Insights, which provides visibility, analysis and recommended updates. Satellite can automate the process to apply those recommendations and help keep systems secure, available and compliant.
Satellite and its Capsule feature provide tools to manage your RHEL infrastructure efficiently in complicated topologies to help your business run smoothly. For more information, refer to the following documents:
About the author
As a Senior Principal Technical Marketing Manager in the Red Hat Enterprise Linux business unit, Matthew Yee is here to help everyone understand what our products do. He joined Red Hat in 2021 and is based in Vancouver, Canada.